Title

The required dua- homed DISN Core or NIPRNet access circuits must follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs. (Cat II impact)

Discussion

One way to provide the greatest reliability and availability for DISN services is to provide redundancy in the network pathways between the customer site and the redundant DISN SDNs. The DISN core network is designed to be highly reliable and available in support of the DOD mission. The most vulnerable part of the network is the access circuit from the enclave to the core and the path it takes from the SDN to the customer's site. Therefore, redundant access circuits should be provisioned. Physical pathways for communications network access circuits are vulnerable to physical disruption from a variety of threats, both natural and manmade. These threats range from storm damage (falling trees, floods) to being damaged through digging, downed utility poles, or malicious acts, including war and terrorism. To overcome the physical threat, the redundant circuits should follow geographically diverse paths.

Check Content

Inspect the documentation for the pathways taken by the access circuits to determine compliance with the requirement. Obtain the pathway documentation for the facilities on-site. Additionally, obtain information from the DISN core PMO and/or local carrier of the access circuits for the pathways off-site. Verify the ISSO maintains a copy for future inspections. Changes to the pathways must also be recorded and maintained. If the required dual-homed circuits follow the same path or are close enough anywhere along their length to be damaged by a single event, this is a finding.

Fix Text

Ensure dual-homed DISN Core or NIPRNet access circuits follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs. Ensure each circuit uses different facilities such as cables, demarks, and digital cross connects in geographically diverse locations. Ensure geographic and facilities information is maintained on-site and off-site. Ensure the paths taken by the access circuits remain significantly separate along their entire length so that a single point of failure is not created.

Additional Identifiers

Rule ID: SV-259917r948763_rule

Vulnerability ID: V-259917

Group Title: SRG-VOIP-000370

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.